SUSE-SU-2013:1530-1: Security update for Real Time Linux Kernel

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Oct 7 15:04:10 MDT 2013


   SUSE Security Update: Security update for Real Time Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1530-1
Rating:             low
References:         #745640 #760407 #765523 #773006 #773255 #773837 
                    #783475 #785901 #789010 #801427 #803320 #804482 
                    #805371 #806396 #806976 #807471 #807502 #808940 
                    #809122 #812526 #812974 #813604 #813733 #814336 
                    #815320 #816043 #817035 #817377 #818465 #819363 
                    #819523 #820172 #820434 #821052 #821235 #822066 
                    #822077 #822575 #822825 #823082 #823342 #823497 
                    #823517 #824159 #824295 #824915 #825048 #825142 
                    #825227 #825591 #825657 #825887 #826350 #826960 
                    #827372 #827376 #827378 #827749 #827750 #827808 
                    #828119 #828192 #828574 #828714 #829082 #829357 
                    #829622 #830901 #831055 #831058 #831410 #831949 
                    
Cross-References:   CVE-2013-1059 CVE-2013-1774 CVE-2013-1819
                    CVE-2013-1929 CVE-2013-2148 CVE-2013-2164
                    CVE-2013-2232 CVE-2013-2234 CVE-2013-2237
                    CVE-2013-2851 CVE-2013-4162 CVE-2013-4163
                   
Affected Products:
                    SUSE Linux Enterprise Real Time 11 SP2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 60 fixes
   is now available. It includes one version update.

Description:


   The SUSE Linux Enterprise 11 Service Pack 2 kernel has been
   updated to  version 3.0.93 and includes various bug and
   security fixes.

   The following security bugs have been fixed:

   *

   CVE-2013-2148: The fill_event_metadata function in
   fs/notify/fanotify/fanotify_user.c in the Linux kernel did
   not initialize a certain structure member, which allowed
   local users to obtain sensitive information from kernel
   memory via a read operation on the fanotify descriptor.

   *

   CVE-2013-2237: The key_notify_policy_flush function
   in net/key/af_key.c in the Linux kernel did not initialize
   a certain structure member, which allowed local users to
   obtain sensitive information from kernel heap memory by
   reading a broadcast message from the notify_policy
   interface of an IPSec key_socket.

   *

   CVE-2013-2232: The ip6_sk_dst_check function in
   net/ipv6/ip6_output.c in the Linux kernel allowed local
   users to cause a denial of service (system crash) by using
   an AF_INET6 socket for a connection to an IPv4 interface.

   *

   CVE-2013-2234: The (1) key_notify_sa_flush and (2)
   key_notify_policy_flush functions in net/key/af_key.c in
   the Linux kernel did not initialize certain structure
   members, which allowed local users to obtain sensitive
   information from kernel heap memory by reading a broadcast
   message from the notify interface of an IPSec key_socket.

   *

   CVE-2013-4162: The udp_v6_push_pending_frames
   function in net/ipv6/udp.c in the IPv6 implementation in
   the Linux kernel made an incorrect function call for
   pending data, which allowed local users to cause a denial
   of service (BUG and system crash) via a crafted application
   that uses the UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1059: net/ceph/auth_none.c in the Linux
   kernel allowed remote attackers to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact via an auth_reply
   message that triggers an attempted build_request operation.

   *

   CVE-2013-2164: The mmc_ioctl_cdrom_read_data function
   in drivers/cdrom/cdrom.c in the Linux kernel allowed local
   users to obtain sensitive information from kernel memory
   via a read operation on a malfunctioning CD-ROM drive.

   *

   CVE-2013-2851: Format string vulnerability in the
   register_disk function in block/genhd.c in the Linux kernel
   allowed local users to gain privileges by leveraging root
   access and writing format string specifiers to
   /sys/module/md_mod/parameters/new_array in order to create
   a crafted /dev/md device name.

   *

   CVE-2013-4163: The ip6_append_data_mtu function in
   net/ipv6/ip6_output.c in the IPv6 implementation in the
   Linux kernel did not properly maintain information about
   whether the IPV6_MTU setsockopt option had been specified,
   which allowed local users to cause a denial of service (BUG
   and system crash) via a crafted application that uses the
   UDP_CORK option in a setsockopt system call.

   *

   CVE-2013-1929: Heap-based buffer overflow in the
   tg3_read_vpd function in
   drivers/net/ethernet/broadcom/tg3.c in the Linux kernel
   allowed physically proximate attackers to cause a denial of
   service (system crash) or possibly execute arbitrary code
   via crafted firmware that specifies a long string in the
   Vital Product Data (VPD) data structure.

   *

   CVE-2013-1819: The _xfs_buf_find function in
   fs/xfs/xfs_buf.c in the Linux kernel did not validate block
   numbers, which allowed local users to cause a denial of
   service (NULL pointer dereference and system crash) or
   possibly have unspecified other impact by leveraging the
   ability to mount an XFS filesystem containing a metadata
   inode with an invalid extent map.

   *

   CVE-2013-1774: The chase_port function in
   drivers/usb/serial/io_ti.c in the Linux kernel allowed
   local users to cause a denial of service (NULL pointer
   dereference and system crash) via an attempted /dev/ttyUSB
   read or write operation on a disconnected Edgeport USB
   serial converter.

   Also the following bugs have been fixed:

   BTRFS:

   * btrfs: merge contigous regions when loading free
   space cache
   * btrfs: fix how we deal with the orphan block rsv
   * btrfs: fix wrong check during log recovery
   * btrfs: change how we indicate we are adding csums
   * btrfs: flush delayed inodes if we are short on space
   (bnc#801427).
   * btrfs: rework shrink_delalloc (bnc#801427).
   * btrfs: fix our overcommit math (bnc#801427).
   * btrfs: delay block group item insertion (bnc#801427).
   * btrfs: remove bytes argument from do_chunk_alloc
   (bnc#801427).
   * btrfs: run delayed refs first when out of space
   (bnc#801427).
   * btrfs: do not commit instead of overcommitting
   (bnc#801427).
   * btrfs: do not take inode delalloc mutex if we are a
   free space inode (bnc#801427).
   * btrfs: fix chunk allocation error handling
   (bnc#801427).
   * btrfs: remove extent mapping if we fail to add chunk
   (bnc#801427).
   * btrfs: do not overcommit if we do not have enough
   space for global rsv (bnc#801427).
   * btrfs: rework the overcommit logic to be based on the
   total size (bnc#801427).
   * btrfs: steal from global reserve if we are cleaning
   up orphans (bnc#801427).
   * btrfs: clear chunk_alloc flag on retryable failure
   (bnc#801427).
   * btrfs: use reserved space for creating a snapshot
   (bnc#801427).
   * btrfs: cleanup to make the function
   btrfs_delalloc_reserve_metadata more logic (bnc#801427).
   * btrfs: fix space leak when we fail to reserve
   metadata space (bnc#801427).
   * btrfs: fix space accounting for unlink and rename
   (bnc#801427).
   * btrfs: allocate new chunks if the space is not enough
   for global rsv (bnc#801427).
   * btrfs: various abort cleanups (bnc#812526 bnc#801427).
   * btrfs: simplify unlink reservations (bnc#801427).

   OTHER:

   * x86: Add workaround to NMI iret woes (bnc#831949).
   *

   x86: Do not schedule while still in NMI context
   (bnc#831949).

   *

   bnx2x: Avoid sending multiple statistics queries
   (bnc#814336).

   *

   bnx2x: protect different statistics flows
   (bnc#814336).

   *

   futex: Take hugepages into account when generating
   futex_key.

   *

   drivers/hv: util: Fix a bug in version negotiation
   code for util services (bnc#828714).

   *

   printk: Add NMI ringbuffer (bnc#831949).

   * printk: extract ringbuffer handling from vprintk
   (bnc#831949).
   * printk: NMI safe printk (bnc#831949).
   * printk: Make NMI ringbuffer size independent on
   log_buf_len (bnc#831949).
   * printk: Do not call console_unlock from nmi context
   (bnc#831949).
   *

   printk: Do not use printk_cpu from finish_printk
   (bnc#831949).

   *

   mlx4_en: Adding 40gb speed report for ethtool
   (bnc#831410).

   *

   reiserfs: Fixed double unlock in reiserfs_setattr
   failure path.

   * reiserfs: delay reiserfs lock until journal
   initialization (bnc#815320).
   * reiserfs: do not lock journal_init() (bnc#815320).
   * reiserfs: locking, handle nested locks properly
   (bnc#815320).
   * reiserfs: locking, push write lock out of xattr code
   (bnc#815320).
   *

   reiserfs: locking, release lock around quota
   operations (bnc#815320).

   *

   NFS: support "nosharetransport" option (bnc#807502,
   bnc#828192, FATE#315593).

   *

   dm mpath: add retain_attached_hw_handler feature
   (bnc#760407).

   *

   scsi_dh: add scsi_dh_attached_handler_name
   (bnc#760407).

   *

   bonding: disallow change of MAC if fail_over_mac
   enabled (bnc#827376).

   * bonding: propagate unicast lists down to slaves
   (bnc#773255 bnc#827372).
   * bonding: emit address change event also in
   bond_release (bnc#773255 bnc#827372).
   *

   bonding: emit event when bonding changes MAC
   (bnc#773255 bnc#827372).

   *

   SUNRPC: Ensure we release the socket write lock if
   the rpc_task exits early (bnc#830901).

   *

   ext4: force read-only unless rw=1 module option is
   used (fate#314864).

   *

   HID: fix unused rsize usage (bnc#783475).

   *

   HID: fix data access in implement() (bnc#783475).

   *

   xfs: fix deadlock in xfs_rtfree_extent with kernel
   v3.x (bnc#829622).

   *

   r8169: allow multicast packets on sub-8168f chipset
   (bnc#805371).

   * r8169: support new chips of RTL8111F (bnc#805371).
   * r8169: define the early size for 8111evl (bnc#805371).
   * r8169: fix the reset setting for 8111evl (bnc#805371).
   * r8169: add MODULE_FIRMWARE for the firmware of
   8111evl (bnc#805371).
   * r8169: fix sticky accepts packet bits in RxConfig
   (bnc#805371).
   * r8169: adjust the RxConfig settings (bnc#805371).
   * r8169: support RTL8111E-VL (bnc#805371).
   * r8169: add ERI functions (bnc#805371).
   * r8169: modify the flow of the hw reset (bnc#805371).
   * r8169: adjust some registers (bnc#805371).
   * r8169: check firmware content sooner (bnc#805371).
   * r8169: support new firmware format (bnc#805371).
   * r8169: explicit firmware format check (bnc#805371).
   *

   r8169: move the firmware down into the device private
   data (bnc#805371).

   *

   mm: link_mem_sections make sure nmi watchdog does not
   trigger while linking memory sections (bnc#820434).

   *

   kernel: lost IPIs on CPU hotplug (bnc#825048,
   LTC#94784).

   *

   iwlwifi: use correct supported firmware for 6035 and
   6000g2 (bnc#825887).

   *

   watchdog: Update watchdog_thresh atomically
   (bnc#829357).

   * watchdog: update watchdog_tresh properly (bnc#829357).
   * watchdog:
   watchdog-make-disable-enable-hotplug-and-preempt-save.patch
   (bnc#829357).
   *

   include/1/smp.h: define __smp_call_function_single
   for !CONFIG_SMP (bnc#829357).

   *

   lpfc: Return correct error code on bsg_timeout
   (bnc#816043).

   *

   dm-multipath: Drop table when retrying ioctl
   (bnc#808940).

   *

   scsi: Do not retry invalid function error
   (bnc#809122).

   *

   scsi: Always retry internal target error (bnc#745640,
   bnc#825227).

   *

   ibmvfc: Driver version 1.0.1 (bnc#825142).

   * ibmvfc: Fix for offlining devices during error
   recovery (bnc#825142).
   * ibmvfc: Properly set cancel flags when cancelling
   abort (bnc#825142).
   * ibmvfc: Send cancel when link is down (bnc#825142).
   * ibmvfc: Support FAST_IO_FAIL in EH handlers
   (bnc#825142).
   *

   ibmvfc: Suppress ABTS if target gone (bnc#825142).

   *

   fs/dcache.c: add cond_resched() to
   shrink_dcache_parent() (bnc#829082).

   *

   kmsg_dump: do not run on non-error paths by default
   (bnc#820172).

   *

   mm: honor min_free_kbytes set by user (bnc#826960).

   *

   hyperv: Fix a kernel warning from
   netvsc_linkstatus_callback() (bnc#828574).

   *

   RT: Fix up hardening patch to not gripe when avg >
   available, which lockless access makes possible and happens
   in -rt kernels running a cpubound ltp realtime testcase.
   Just keep the output sane in that case.

   *

   md/raid10: Fix two bug affecting RAID10 reshape (-).

   *

   Allow NFSv4 to run execute-only files (bnc#765523).

   *

   fs/ocfs2/namei.c: remove unecessary ERROR when
   removing non-empty directory (bnc#819363).

   *

   block: Reserve only one queue tag for sync IO if only
   3 tags are available (bnc#806396).

   *

   drm/i915: Add wait_for in init_ring_common
   (bnc#813604).

   *

   drm/i915: Mark the ringbuffers as being in the GTT
   domain (bnc#813604).

   *

   ext4: avoid hang when mounting non-journal
   filesystems with orphan list (bnc#817377).

   *

   autofs4 - fix get_next_positive_subdir() (bnc#819523).

   *

   ocfs2: Add bits_wanted while calculating credits in
   ocfs2_calc_extend_credits (bnc#822077).

   *

   re-enable io tracing (bnc#785901).

   *

   SUNRPC: Prevent an rpc_task wakeup race (bnc#825591).

   *

   tg3: Prevent system hang during repeated EEH errors
   (bnc#822066).

   *

   backends: Check for insane amounts of requests on the
   ring.

   *

   Update Xen patches to 3.0.82.

   *

   netiucv: Hold rtnl between name allocation and device
   registration (bnc#824159).

   *

   drm/edid: Do not print messages regarding stereo or
   csync by default (bnc #821235).

   *

   net/sunrpc: xpt_auth_cache should be ignored when
   expired (bnc#803320).

   * sunrpc/cache: ensure items removed from cache do not
   have pending upcalls (bnc#803320).
   * sunrpc/cache: remove races with queuing an upcall
   (bnc#803320).
   *

   sunrpc/cache: use cache_fresh_unlocked consistently
   and correctly (bnc#803320).

   *

   md/raid10 "enough" fixes (bnc#773837).

   *

   Update config files: disable IP_PNP (bnc#822825)

   *

   Disable efi pstore by default (bnc#804482 bnc#820172).

   *

   md: Fix problem with GET_BITMAP_FILE returning wrong
   status (bnc#812974 bnc#823497).

   *

   USB: xHCI: override bogus bulk wMaxPacketSize values
   (bnc#823082).

   *

   ALSA: hda - Fix system panic when DMA > 40 bits for
   Nvidia audio controllers (bnc#818465).

   *

   USB: UHCI: fix for suspend of virtual HP controller
   (bnc#817035).

   *

   mm: mmu_notifier: re-fix freed page still mapped in
   secondary MMU (bnc#821052).

   Security Issue references:

   * CVE-2013-1059
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1059
   >
   * CVE-2013-1774
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
   >
   * CVE-2013-1819
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819
   >
   * CVE-2013-1929
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929
   >
   * CVE-2013-2148
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2148
   >
   * CVE-2013-2164
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2164
   >
   * CVE-2013-2232
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2232
   >
   * CVE-2013-2234
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2234
   >
   * CVE-2013-2237
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2237
   >
   * CVE-2013-2851
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2851
   >
   * CVE-2013-4162
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
   >
   * CVE-2013-4163
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4163
   >

Indications:

   Everyone using the Real Time Linux Kernel on x86_64 architecture should update.

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Real Time 11 SP2:

      zypper in -t patch slertesp2-kernel-8295

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Real Time 11 SP2 (x86_64) [New Version: 3.0.93.rt117]:

      cluster-network-kmp-rt-1.4_3.0.93_rt117_0.5-2.18.62
      cluster-network-kmp-rt_trace-1.4_3.0.93_rt117_0.5-2.18.62
      drbd-kmp-rt-8.4.2_3.0.93_rt117_0.5-0.6.6.53
      drbd-kmp-rt_trace-8.4.2_3.0.93_rt117_0.5-0.6.6.53
      iscsitarget-kmp-rt-1.4.20_3.0.93_rt117_0.5-0.25.25.1
      iscsitarget-kmp-rt_trace-1.4.20_3.0.93_rt117_0.5-0.25.25.1
      kernel-rt-3.0.93.rt117-0.5.1
      kernel-rt-base-3.0.93.rt117-0.5.1
      kernel-rt-devel-3.0.93.rt117-0.5.1
      kernel-rt_trace-3.0.93.rt117-0.5.1
      kernel-rt_trace-base-3.0.93.rt117-0.5.1
      kernel-rt_trace-devel-3.0.93.rt117-0.5.1
      kernel-source-rt-3.0.93.rt117-0.5.1
      kernel-syms-rt-3.0.93.rt117-0.5.1
      lttng-modules-kmp-rt-2.0.4_3.0.93_rt117_0.5-0.7.44
      lttng-modules-kmp-rt_trace-2.0.4_3.0.93_rt117_0.5-0.7.44
      ocfs2-kmp-rt-1.6_3.0.93_rt117_0.5-0.11.61
      ocfs2-kmp-rt_trace-1.6_3.0.93_rt117_0.5-0.11.61
      ofed-kmp-rt-1.5.2_3.0.93_rt117_0.5-0.28.28.33
      ofed-kmp-rt_trace-1.5.2_3.0.93_rt117_0.5-0.28.28.33


References:

   http://support.novell.com/security/cve/CVE-2013-1059.html
   http://support.novell.com/security/cve/CVE-2013-1774.html
   http://support.novell.com/security/cve/CVE-2013-1819.html
   http://support.novell.com/security/cve/CVE-2013-1929.html
   http://support.novell.com/security/cve/CVE-2013-2148.html
   http://support.novell.com/security/cve/CVE-2013-2164.html
   http://support.novell.com/security/cve/CVE-2013-2232.html
   http://support.novell.com/security/cve/CVE-2013-2234.html
   http://support.novell.com/security/cve/CVE-2013-2237.html
   http://support.novell.com/security/cve/CVE-2013-2851.html
   http://support.novell.com/security/cve/CVE-2013-4162.html
   http://support.novell.com/security/cve/CVE-2013-4163.html
   https://bugzilla.novell.com/745640
   https://bugzilla.novell.com/760407
   https://bugzilla.novell.com/765523
   https://bugzilla.novell.com/773006
   https://bugzilla.novell.com/773255
   https://bugzilla.novell.com/773837
   https://bugzilla.novell.com/783475
   https://bugzilla.novell.com/785901
   https://bugzilla.novell.com/789010
   https://bugzilla.novell.com/801427
   https://bugzilla.novell.com/803320
   https://bugzilla.novell.com/804482
   https://bugzilla.novell.com/805371
   https://bugzilla.novell.com/806396
   https://bugzilla.novell.com/806976
   https://bugzilla.novell.com/807471
   https://bugzilla.novell.com/807502
   https://bugzilla.novell.com/808940
   https://bugzilla.novell.com/809122
   https://bugzilla.novell.com/812526
   https://bugzilla.novell.com/812974
   https://bugzilla.novell.com/813604
   https://bugzilla.novell.com/813733
   https://bugzilla.novell.com/814336
   https://bugzilla.novell.com/815320
   https://bugzilla.novell.com/816043
   https://bugzilla.novell.com/817035
   https://bugzilla.novell.com/817377
   https://bugzilla.novell.com/818465
   https://bugzilla.novell.com/819363
   https://bugzilla.novell.com/819523
   https://bugzilla.novell.com/820172
   https://bugzilla.novell.com/820434
   https://bugzilla.novell.com/821052
   https://bugzilla.novell.com/821235
   https://bugzilla.novell.com/822066
   https://bugzilla.novell.com/822077
   https://bugzilla.novell.com/822575
   https://bugzilla.novell.com/822825
   https://bugzilla.novell.com/823082
   https://bugzilla.novell.com/823342
   https://bugzilla.novell.com/823497
   https://bugzilla.novell.com/823517
   https://bugzilla.novell.com/824159
   https://bugzilla.novell.com/824295
   https://bugzilla.novell.com/824915
   https://bugzilla.novell.com/825048
   https://bugzilla.novell.com/825142
   https://bugzilla.novell.com/825227
   https://bugzilla.novell.com/825591
   https://bugzilla.novell.com/825657
   https://bugzilla.novell.com/825887
   https://bugzilla.novell.com/826350
   https://bugzilla.novell.com/826960
   https://bugzilla.novell.com/827372
   https://bugzilla.novell.com/827376
   https://bugzilla.novell.com/827378
   https://bugzilla.novell.com/827749
   https://bugzilla.novell.com/827750
   https://bugzilla.novell.com/827808
   https://bugzilla.novell.com/828119
   https://bugzilla.novell.com/828192
   https://bugzilla.novell.com/828574
   https://bugzilla.novell.com/828714
   https://bugzilla.novell.com/829082
   https://bugzilla.novell.com/829357
   https://bugzilla.novell.com/829622
   https://bugzilla.novell.com/830901
   https://bugzilla.novell.com/831055
   https://bugzilla.novell.com/831058
   https://bugzilla.novell.com/831410
   https://bugzilla.novell.com/831949
   http://download.novell.com/patch/finder/?keywords=5a7e4b634fc70fee57177f0dad3d8008



More information about the sle-security-updates mailing list